Almost all computers and computing devices utilize electronic memory devices for recording operating system software, application software and data, which will generally be referred to collectively as data in this patent. A common problem that has developed with such devices is unauthorized modification of the recorded data. In some cases, such modifications are intentional, as in the case of a user changing the configuration of a software program or storing new data in the memory.
Often these “friendly” modifications will have undesirable results that require the configuration of the computer to be restored or modified again. In other cases, the modifications may be malicious, as in the case of the deletion or modification of recorded data by a virus or an unauthorized person. In general, these “unfriendly” modifications will have undesirable consequences, which may be destructive and substantial.
Computer users, and particularly businesses, can suffer substantial losses in productivity, revenue and profits when their computer systems are modified without authorization. In a business environment where a number of persons are provided with computer systems, it is often desirable that each of the computers have the same configuration. This allows the systems to be configured and used uniformly. It is not desirable that each user provided with such a computer modify the configuration to suit that user's preferences, since this can (i) lead to an incompatibility between the user's computer and the other computers, (ii) prevent another user from utilizing the modified computer in a uniform way, and (iii) result in the modified computer becoming partially or wholly inoperable, reducing productivity and requiring costly attention from the business's computer support team.
In other cases, it may be desirable to allow users to make modifications to data on a storage medium, but to provide a “snapshot” of the medium from a point at which it was properly configured. In this case, the user may modify the configuration of the computer by adding, deleting or changing software or by editing data on the storage medium. If the user's modifications cause the computer to become inoperable, then the data on the storage medium can be restored to its state at the time of the snapshot.
Several devices which attempt to prevent unauthorized modification of software and data stored on a computer hard disk drive are available. Some of these devices attempt to provide a combined hardware/software solution to the problem described above. Other devices attempt to provide a software-only solution.
Systems which rely only on software protection will typically intercept any attempt to write data onto or read data from the hard disk drive. The data is written onto a special memory space but the original data on the hard disk drive is not modified. If the written data is requested in a subsequent data read request, it is read from the special memory space rather than from the hard disk drive. The new data may be accessed only during the same session of computer use and is deleted or discarded when the computer is re-started or on request. This solution has a substantial disadvantage. Malicious software programs, such as viruses, can detect the presence of the protective software and either circumvent or disable it. Furthermore, these systems are unable to conceal the special memory space from the computer system, allowing the malicious software to access it (possibly using low-level data I/O requests). The malicious software can then proceed to make modifications to the data recorded on the hard disk drive, potentially causing the problems set out above. Furthermore, a software solution is generally operating system and/or processor dependent.
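The software-only scheme described above can be modelled in a few lines. This is an added illustration, not code from the patent; `Disk`, `WriteRedirector` and the 512-byte block size are hypothetical names and assumptions. It shows intercepted writes being redirected and discarded on restart, and how a baseline digest reveals a change made to the disk by a request that never passed through the interception layer.

```python
import hashlib

BLOCK_SIZE = 512  # assumed sector size for this model


class Disk:
    """Constructed stand-in for the hard disk drive: a flat array of blocks."""

    def __init__(self, num_blocks):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(num_blocks)]

    def digest(self):
        return hashlib.sha256(b"".join(self.blocks)).hexdigest()


class WriteRedirector:
    """Software-only protection: intercepted writes go to a separate space."""

    def __init__(self, disk):
        self.disk = disk
        self.overlay = {}                 # the "special memory space"
        self.baseline = disk.digest()     # digest of the protected data

    def write(self, lba, data):
        if len(data) != BLOCK_SIZE:
            raise ValueError("whole blocks only")
        self.overlay[lba] = bytes(data)   # original block is left untouched

    def read(self, lba):
        # Redirected blocks are served from the overlay, the rest from disk.
        return self.overlay.get(lba, self.disk.blocks[lba])

    def restart(self):
        self.overlay.clear()              # session changes are discarded

    def base_intact(self):
        return self.disk.digest() == self.baseline


def demo():
    disk = Disk(8)
    guard = WriteRedirector(disk)
    guard.write(3, b"A" * BLOCK_SIZE)     # intercepted write
    seen = guard.read(3)                  # served from the overlay
    guard.restart()
    after_restart = guard.read(3)         # original data again
    # A request that never reaches the interception layer (the low-level
    # I/O case in the text) changes the disk itself and survives a restart.
    disk.blocks[5] = b"B" * BLOCK_SIZE
    guard.restart()
    return seen, after_restart, guard.read(5), guard.base_intact()
```
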
Systems which provide a combined hardware and software solution will typically include a card that fits into a PCI or other expansion slot on a computer and a software package. The software package is used to configure the card and may also be used to intercept read and write requests and direct them to a processor on the card. These systems also do not mask from the computer system any special memory space on the hard drive that is used by the protective system and therefore suffer from a similar susceptibility to detection by malicious software and may also be circumvented.
Accordingly, there is a need for a data protection system which is not operating system or processor dependent and which cannot be circumvented or disabled by malicious software or a malicious user.